How users share items to collections they are not a member of?

Ask the Community Password Manager
,
1

How would users go about sharing items to collections they are not a part of? I have a user that want’s to share a password with someone specific. I know this can be done by creating a collection that the two users have access to but, this is a very common requests and is not feasible to create a new collection every time two users want to share an item. Thank you

2

Hi Brent and welcome to the community!

AFAIK, org has the settings to allow everybody to create, delete, and manage their own collections, which currently admins and owners also have access to.

Enterprise subscription also has the custom user role, which you can assign to individual users to have such ability.

You may want to contact support directly to get more ideas. Team and enterprise subscription has 24/7 priority support:

3

… and apart from the “Bitwarden plans”… “vault item sharing” is on the roadmap, which also means not yet possible (only “indirectly” via collections or “Sends”…) - see here the roadmap: https://community.bitwarden.com/t/bitwarden-roadmap

PS: An entire discussion about this topic can be read here: Vault Item Sharing (and there it is tagged as “roadmap:planned”)

1 Like
4

Brett - this exactly the right question to be asking, and from what I have learned from working through BitWarden support, it is calling out a considerable weak spot in the BitWarden product compared with the two password managers I have worked with in the past - LastPass and Keeper.

You are absolutely right that it “is not feasible to create a new collection every time two users want to share an item”. I’d generalize that statement to say ‘every time a new group of users wants share an item’. The fact that BitWarden is suggesting that this is the only way for it to work is truly disappointing.

I understand the difference between a private vault and an organization vault and that the organization vault is where password entries can be shared.

I am subscribed for the Family plan which allows up to 6 users. Under our family subscription, each family member gets a private vault and there is one organization vault for the family that can be used for shared password entries. I also understand that “Permission to access those Items is granted at the Collection level (not the individual Item level).”

None of that justifies the confusing and ineffective scheme that BitWarden requires for password sharing. As you said, it is not feasible to set up separate ‘collections’ for each possible combination of family members. I was really surprised to hear from BitWarden support that they were really saying that the program requires that in order to share a given password amongst a particular set of family members.

Say the members of my family are:

Mom
Dad
Dick
Jane
Sally
Pebbles

In addition to the ‘default’ collection, which allows sharing of a password among everyone in the family, do I really need to set up a separate ‘collection’ for each of these possible combinations of family members?

  • Mom, Dad, Dick Jane, Sally
  • Mom, Dad, Dick, Jane, Pebbles
  • Mom, Dad, Dick, Sally, Pebbles
  • Mom, Dad, Jane, Sally, Pebbles
  • Mom, Dick, Jane, Sally, Pebbles
  • Dad, Dick, Jane, Sally, Pebbles
  • Mom, Dad, Dick Jane
  • Mom, Dad, Dick, Sally
  • Mom, Dad, Dick, Pebbles
  • Mom, Dad, Jane, Sally
  • Mom, Dad, Jane, Pebbles
  • Mom, Dad, Sally, Pebbles
  • Mom, Dick, Jane, Sally
  • Mom, Dick, Jane, Pebbles
  • Mom, Dick, Sally, Pebbles
  • Mom, Jane, Sally, Pebbles
  • Dad, Dick, Jane, Sally
  • Dad, Dick, Jane, Pebbles
  • Dad, Dick, Sally, Pebbles
  • Dad, Jane, Sally, Pebbles
  • Dick, Jane, Sally, Pebbles
  • Mom, Dad, Dick
  • Mom, Dad, Jane
  • Mom, Dad, Sally
  • Mom, Dad, Pebbles
  • Mom, Dick, Jane
  • Mom, Dick, Sally
  • Mom, Dick, Pebbles
  • Mom, Jane, Sally
  • Mom, Jane, Pebbles
  • Mom, Sally, Pebbles
  • Dad, Dick, Jane
  • Dad, Dick, Sally
  • Dad, Dick, Pebbles
  • Dad, Jane, Sally
  • Dad, Jane, Pebbles
  • Dad, Sally, Pebbles
  • Dick, Jane, Sally
  • Dick, Jane, Pebbles
  • Dick, Sally, Pebbles
  • Jane, Sally, Pebbles
  • Mom, Dad
  • Mom, Dick
  • Mom, Jane
  • Mom, Sally
  • Mom, Pebbles
  • Dad, Dick
  • Dad, Jane
  • Dad, Sally
  • Dad, Pebbles
  • Dick, Jane
  • Dick, Sally
  • Dick, Pebbles
  • Jane, Sally
  • Jane, Pebbles
  • Sally, Pebbles
  • Mom
  • Dad
  • Dick
  • Jane
  • Sally
  • Pebbles

If so, that’s just dumb. And I don’t think there is any reason why that should be true.

A person who want’s to share a password entry that they have created in their private vault should be free to share it with whichever family member, or group of family members, that they choose without the need to set up any new ‘collections’ (assuming that a ‘collection’ has been set up for each family). The user shouldn’t need to have permission to view the passwords in given family member’s collection in order to say that they want to make a password that they are sharing accessible from that collection.

The family members designated with view/edit/manage permissions on a collection at the time it was established are the only users who can view the contents of that collection. But any family member that is choosing to share a password (i.e. to move the password to the family organization vault) should be allowed to designate which collections they intend to have visibility to the password they are sharing.

I originally thought that the fact that it isn’t working that way is probably a bug in the “Move to organization” functionality. When that option is chosen, the user should just be able to check the boxes by the collections that they want to share to. I couldn’t believe that the BitWarden designers would actually want to require the absurd need to create 62 collections in order to cover all of the possible combinations for sharing. But it seems that is the case.

2 Likes
5

Don’t think of a collection as an organizational structure. They are more of an access-control mechanism and are geared towards people entering/leaving a department. For example, you might have a collection termed “accounting” containing all the people and vault entries for that department. New hires then need to only be added to one place, instead of each vault entry.

In a family scenario, you most likely will end up with 6 collections in your family/organizational vault.

Our Family (or “default”)
Mom & Dad
Mom, Dad and Dick
Mom, Dad and Jane
Mom, Dad and Sally
Mom, Dad and Pebbles

Individual vaults are for passwords that are singly held. They need not be placed in the organization.

6

We’re just a family, not a business. But the ‘children’ are all grown, so the idea that the combinations would only be about adult vs. child access don’t hold. There are quite a few combinations of family members that are realistic. What I object to is the idea that each combination needs to be set up as a distinct collection. From a software design perspective, that makes no sense to me.

1 Like
7

Brent - sorry. In my reply I just realized that I called you Brett rather than Brent. I hate getting names wrong.

8

Also, BW’s TOS allows “friends” to share a family plan. The concept of owners and admins having access to all the shared secrets doesn’t work here either.

1 Like